Aptabase
Web analytics tools ignore native mobile, desktop, and game apps; Aptabase was built for exactly those. If Firebase Analytics would force a privacy-policy footnote you don't want to write, this is the alternative - session-based metrics with no cookies, no IDFA or GAID, no device fingerprinting, and a daily-rotated salt that makes cross-day re-identification mathematically impossible. That design means GDPR, CCPA, and PECR compliance out of the box and "Data Not Collected" App Store privacy labels without ATT prompts. The SDK coverage is the widest in its category: eleven first-party libraries spanning Swift, Kotlin, Flutter, React Native, Tauri, Electron, .NET MAUI, NativeScript, Unity, Unreal Engine, and JavaScript for web - each MIT-licensed, following platform conventions, and accepting a custom host parameter that points at your instance. Integration is minutes: initialize with an app key, call trackEvent with optional properties, and the dashboard shows sessions, events, app versions, OS breakdowns, and country-level geography. The self-hosted stack is a .NET server over PostgreSQL for metadata and ClickHouse for high-volume event ingestion, giving cloud-parity features under an AGPL license. For indie iOS/Android apps, Electron and Tauri tools, and Unity or Unreal games, it replaces Firebase without the Google entanglement.
Usermemos
Memos, the lightweight open-source note service from the usememos project, packaged as a containerized deployment for multi-architecture Docker hosts (x86-64 and arm64): that is Usermemos. The model is frictionless capture: no folders or titles, just a chronological stream of Markdown notes with code blocks, task lists, tables, and file attachments, organized by #hashtags pulled automatically from the text. Per-memo visibility - private, protected for logged-in users, or public - lets a single instance serve as a personal journal, a shared team log, or a public microblog simultaneously. Multi-user support with authentication makes it workable for small teams, and full REST and gRPC APIs open capture and retrieval to CLIs, bots, and automation tools. The runtime is a single Go binary with a React frontend that idles around 50 MB of memory and stores content as plain Markdown in SQLite by default, with MySQL and PostgreSQL available for heavier deployments. Configuration happens through environment variables, access works over HTTP or HTTPS behind a reverse proxy, and there is no telemetry - notes stay on your server in a portable format.
Omni Tools
The ad-riddled "free online tools" sites people paste sensitive text into and upload confidential PDFs to - OmniTools replaces that whole ecosystem with one self-hosted app. It bundles 50+ utilities behind one clean React/TypeScript interface: image tools (resize, convert, crop, edit), video and audio tools (trim, reverse, convert), PDF tools (split, merge, edit), text and list utilities (case converters, formatters, shufflers), plus date/time, math, and data-format helpers for JSON, CSV, and XML. The architectural decision that makes it trustworthy is that all file processing happens entirely client-side in the browser - the server only serves static assets, and nothing you process ever leaves your device. That design has a pleasant side effect: the host needs almost no resources (people run it on a Raspberry Pi Zero), because your browser does the work while the server just delivers files. The Docker image is a remarkable 28 MB, making it one of the fastest apps to deploy and cheapest to keep running. There are no ads, no tracking, no accounts, and no upload limits. With multi-language support and an MIT license, it works equally well as a personal toolbox or a team-wide internal utility portal - one URL that replaces a bookmark folder full of questionable converters. Actively developed with 50 contributors and 9,500+ GitHub stars.
Plausible
Built as a direct rejection of the adtech model, Plausible is the best-known privacy-first web analytics tool - lightweight, cookie-free, and open-source. It sets no cookies and stores no personal data: unique visitors are counted via a hash of IP plus User-Agent that rotates every 24 hours and is never stored raw, so no consent banner is required and GDPR compliance is structural rather than contractual. The tracking script is under 1 KB - orders of magnitude lighter than GA - and the dashboard is a deliberate contrast to GA4's sprawl: one fast-loading page with visitors, sources, top pages, countries, devices, and UTM breakdowns, filterable by any dimension. Custom events and goals track signups and clicks, Google Search Console integration pulls in search queries, scheduled email reports keep stakeholders updated, and the Stats API (v2) plus CSV export feed data anywhere. This is the AGPL-licensed Community Edition, the same Elixir codebase that powers Plausible's cloud service, running as three containers: the web app, PostgreSQL for accounts, and ClickHouse for event storage - which means self-hosters get direct SQL access to raw analytics data the cloud version never exposes. Traffic data stays entirely on your server, with no visitor caps or per-pageview pricing.
MediKeep
Your medical history, fragmented across a dozen patient portals, in one place on your server: MediKeep (formerly Personal Medical Records Keeper) is a self-hosted health record system. Built with a React frontend and FastAPI backend over PostgreSQL, it organizes 14 categories of medical data - medications with dosages and schedules, conditions, procedures, allergies, immunizations, symptoms, injuries, doctor visits and encounters, treatments, lab results, and even medical equipment with service dates and supplier info. Treatment management is genuinely sophisticated: an advanced mode links treatments to their medications with per-medication overrides for prescriber, pharmacy, and effective dates, and reverse lookup shows which treatments use a given medication. A dashboard summarizes records and recent activity, file uploads attach documents to records, and tagging works across categories. When a new specialist asks for your history, the report builder assembles custom reports by category and exports to PDF, JSON, or CSV - a curated, portable summary instead of a folder of photocopies. Authentication supports Google and GitHub SSO with OIDC providers like Keycloak and Authelia expected to work, and the built-in backup system protects the archive. Health data is exactly what should never live in someone else's cloud.
Umami
No cookies, no fingerprinting, no cross-site tracking, no personal data collection - Umami's privacy contract is the foundation of the open-source web analytics platform. IP addresses are hashed rather than stored, which makes it GDPR, CCPA, and PECR compliant by default - the consent banner can come off the site entirely. The tracking script is under 2 KB, roughly 20x smaller than Google Analytics, so measurement stops being a page-weight tax. The dashboard covers the core metrics - pageviews, visitors, bounce rate, visit duration, referrers, browsers, devices, and countries - with any date range and filtering by country or device. Beyond pageviews, custom events track clicks, form submissions, and signups via a data attribute or one JavaScript call, and advanced reports add funnels, user journeys, retention and cohort analysis, goals, and automatic UTM campaign tracking. Anonymous session views show individual visitor activity without identifying anyone. Teams share websites with role-based access, one instance manages unlimited sites, and a full REST API exposes every metric programmatically. MIT-licensed and self-hosted on PostgreSQL or MySQL via Docker, your analytics data never leaves your infrastructure.
Joplin
Notes on Windows, macOS, Linux, Android, iOS, and the terminal, synced through your own server: Joplin pairs its open-source clients with Joplin Server, the official self-hosted backend that replaces Dropbox, OneDrive, or Nextcloud as the synchronization target. Notes are Markdown with inline attachments (images, PDFs, audio), organized into hierarchical notebooks and sub-notebooks with cross-cutting tags, alongside to-do lists with reminders and alarms. End-to-end encryption is the headline feature: enabled in the clients, it encrypts sync payloads on-device before upload, so the server stores blobs it cannot read - genuine protection even if the host is compromised. The desktop app offers both Rich Text and Markdown editors, extended by a plugin ecosystem, custom themes, and an Extension API for writing your own scripts; a Web Clipper for Chrome and Firefox captures full pages or screenshots straight into notebooks. Joplin Server ships as a Docker image with SQLite for evaluation and PostgreSQL for production, offers a filesystem storage driver for large content, and includes multi-user support and note sharing - all free under AGPL-3.0 when self-hosted. Notes stay in an open format, so the exit path always exists.
Collabora Office
Real LibreOffice document engineering in the browser: Collabora Online is built by the company employing much of the former SUSE LibreOffice team - not a reimplementation. This deployment runs CODE (Collabora Online Development Edition), the collabora/code server that renders and edits documents entirely server-side while browsers get high-fidelity WYSIWYG output, so layout and formatting survive round-trips that break lesser converters. Four editors ship in one container: Writer for text documents (comments, track changes with comparison and restoration, form handling), Calc for spreadsheets (advanced formulas, macros, pivot tables, per-user sheet views, server-enforced cell protection), Impress for presentations, and Draw for Visio-class diagrams. Format compatibility spans DOCX, XLSX, PPTX, the ODF family, PDF, and dozens more - including Visio and Publisher import. Real-time collaborative editing supports multiple simultaneous editors with visible cursors and commenting. The architectural point: documents are processed on your server and never leave it, which is why Collabora is the engine behind Nextcloud Office and integrates with ownCloud, Seafile, and any WOPI-speaking host - or embeds in your own application via the SDK. An admin console monitors sessions and memory. For organizations that need Google Docs-style collaboration with actual data sovereignty, this is the reference open-source answer.
Ghostfolio
Stocks, ETFs, crypto, bonds, precious metals, and cash across every account and currency, in one privacy-first dashboard: Ghostfolio is open-source wealth management software. The deliberate design decision is no brokerage linking: positions enter by manual entry, CSV import, or the REST API, so your holdings never pass through a data aggregator. Performance is measured as return on average investment across Today, WTD, MTD, YTD, 1Y, 5Y, and Max timeframes, with benchmark comparison against indices like the S&P 500, dividend tracking, and allocation breakdowns by asset class, region, and sector. A static X-ray analysis flags concentration and other portfolio risks, and a FIRE calculator projects progress toward financial independence. Multi-currency support converts holdings using historical exchange rates, market data comes from Yahoo Finance and CoinGecko among other pluggable providers, and everything exports back out as CSV or JSON. Built with Angular and NestJS on PostgreSQL and Redis, shipped as Docker images for amd64 and ARM, with a mobile-first PWA interface, dark mode, and a distraction-free Zen mode. AGPL-licensed.
Gotify
Real-time alerts from your own infrastructure to your phone, with no Firebase, Pushover, or third-party push service in the path: Gotify is a simple, self-hosted notification server written in Go. The model is deliberately minimal: senders push messages with a single HTTP POST to the REST API, receivers subscribe over a WebSocket stream, and a clean React web UI manages the pieces. Senders are namespaced as "applications," each with its own token, so your backup script, Uptime Kuma, CI pipeline, and cron jobs each get an identity, an icon, and independently revocable credentials - centralized alerting from many services with per-source management. Messages carry a title, body, and priority level that maps to notification importance on the client. The official Android app (on both F-Droid and Google Play, notable for working entirely without Google Play Services) shows push notifications for new messages; the web UI itself supports Web Push in the browser; and gotify/cli pushes messages from shell scripts with one command. A server-side plugin system adds custom behavior, and the whole thing runs as a single small binary with SQLite by default - near-zero resource footprint. Because dozens of tools (and Apprise) speak Gotify natively, it slots in as the notification hub for an entire homelab or ops stack.
It Tools
The utilities engineers otherwise scatter across a dozen ad-laden websites - 80+ of them - live together in IT-Tools, one fast, polished web app. Crypto covers JWT decoding, MD5 through SHA-512 hashing, HMAC and bcrypt generation, RSA key pairs, and password strength analysis. Converters handle JSON to CSV, YAML, and TOML, Base64 files, URL encoding, HTML entities, color formats, and Docker run commands to Compose files. Generators produce UUIDv4, ULID, BIP39 mnemonics, QR codes (including Wi-Fi QR), and tokens; text tools include a regex tester, diff viewer, slug and case converters; web utilities parse URLs and user agents, look up HTTP status codes and MIME types, and inspect Open Graph metadata; plus a cron parser, chmod calculator, and more. The privacy argument is the point: JWTs contain user IDs, hashes derive from passwords, JSON dumps hold PII - exactly the inputs you least want a third-party utility site to log. IT-Tools is a frontend-only static bundle (Vue/TypeScript, GPL-3.0, 39k+ GitHub stars) served by Nginx in one container, so everything runs client-side on your infrastructure with nothing transmitted anywhere. New tools ship roughly monthly, and a scaffolding script makes adding custom ones straightforward.
Endurain
A personal Strava on your own server: Endurain is a self-hosted fitness platform that keeps your complete workout history, GPS routes, and health data out of a vendor's cloud. It ingests the standard device formats (.gpx, .tcx, and preferred .fit with full sensor data) via manual or bulk upload, and syncs directly with Strava and Garmin Connect so migrating years of history is straightforward - Garmin sync covers activities, gear, and body composition. The dashboard shows activity feeds with weekly and monthly statistics, routes on maps, and distance, speed, and training-volume trends over time, with definable goals that update automatically. Gear tracking is notably deep: log wetsuits, bicycles, shoes, racquets, skis, and snowboards, assign default gear per activity type, and track individual components like bike chains against replacement mileage. Multi-user support with admin and user roles, follower features, per-activity privacy settings, and configurable sign-up (email verification, admin approval) make it usable for clubs and coaches as well as individuals. Auth is serious for a fitness app: MFA TOTP, OIDC/SAML SSO, and email-based password resets via Apprise. The stack is Vue.js over a Python FastAPI backend with PostgreSQL, plus weight, steps, and sleep logging, imperial/metric units, multi-language support, and third-party app integration.
Languagetool
Grammar, punctuation, and style errors a dictionary lookup can't see: LanguageTool is open-source proofreading powered by a Java rule engine covering English, German, Spanish, French, Portuguese, Dutch, and 25+ other languages. Self-hosting the HTTP server is how you get Grammarly-class checking without sending every sentence you write to a third party - a real concern when the text being proofread is confidential email, legal drafts, or unreleased documentation. Your instance exposes the standard /v2/check API, so the official ecosystem plugs straight in: browser extensions for Chrome and Firefox accept a custom server URL, and integrations exist for VS Code, LibreOffice, Obsidian, Vim, Emacs, and many editors. Notably, self-hosting restores free browser-extension checking that the hosted service moved behind a premium subscription - your server, no character limits, no paywall. Detection quality is tunable: optional n-gram datasets (multi-gigabyte language models for en, de, es, fr, nl) teach the engine word-order and confusion-pair errors like there/their and brakes/breaks, and a fastText model improves automatic language identification. Everything runs offline once models are downloaded. The core is LGPL, the API is documented with Swagger, and rules are community- maintained and constantly expanding.
Nametag
CRM mechanics applied to your actual relationships instead of a sales pipeline: Nametag is a Personal Relationship Manager (PRM). It exists to fix the things you keep forgetting: when you last talked to an old friend, their kids' names, the birthday you missed twice. Contacts are tracked with flexible attributes - names, birthdays, important dates, and free-form notes for everything else - and organized into custom groups. Where it goes beyond a contacts app is relationship mapping: you define how people connect to each other (family, friends, colleagues, or custom relationship types), and an interactive D3.js-powered graph renders your entire personal network so you can see clusters and connections at a glance. Staying in touch is automated: scheduled reminders fire for birthdays, important dates, and reach-out nudges, with optional email delivery via a Resend API key for password resets and reminder notifications. Built with Next.js, it is mobile-responsive, ships with full dark mode, and supports multiple languages including English and Spanish. Because it is self-hosted, there are no account tiers or contact limits - unlimited people and relationships, with every note about your personal life stored on your own server rather than a social-graph company's cloud. A lightweight, single-container deployment makes it one of the easiest personal tools to run.
Radicale
Calendars, to-do lists, journal entries, and contacts, synced over the open CalDAV and CardDAV standards nearly every client already speaks: Radicale is a small pure-Python server that works with Thunderbird, DAVx5 on Android, Apple Calendar and Contacts, GNOME, and many more. Its defining design choice is radical simplicity: there is no database. Events live as plain .ics files and contacts as .vcf files in an ordinary folder structure, which makes backup a copy command, migration a move, and disaster recovery a matter of reading text files. The server works out of the box with no complicated setup, then grows as needed: flexible authentication (htpasswd files among other methods), per-collection authorization rules, TLS-secured connections, and a plugin system for extending storage, auth, and rights handling. Built-in limits on parallel connections, file sizes, and failed authentication attempts harden it for network exposure behind a reverse proxy. A bundled web interface handles creating and managing calendars and address books - useful since many clients cannot create collections themselves. Maintained since 2011 with 140+ contributors, GPLv3-licensed, and light enough to run on the smallest VPS or a Raspberry Pi.
PsiTransfer
Upload files, get a share link, let it expire: PsiTransfer is a self-hosted WeTransfer with no accounts, no logins, and no third-party cloud with size caps and metadata harvesting. The engineering focus is large files over imperfect networks. Uploads use the tus.io resumable protocol, so a dropped connection on a multi-gigabyte video resumes exactly where it stopped once you're back online; downloads support HTTP range headers for the same resilience, and everything streams, so file size is bounded by your disk rather than memory. Files organize into upload buckets with retention you control: expire after a set time (up to weeks) or after a one-time download, with automatic cleanup when links lapse. Recipients need nothing installed - they open the link, preview files in modal views, and grab everything as a zip or tar.gz archive with one click. Buckets can be password-protected (AES-encrypted download lists), and security-through-obscurity is done properly: bucket URLs use hashed UUID tokens and stored filenames are replaced with UUIDs. An optional admin page (enabled by setting an admin password) lists bucket information and storage. The Vue.js frontend ships under 100 KB gzipped and is fully responsive. Honest caveat from the author: no end-to-end payload encryption yet. BSD-licensed, Docker-ready.
Journiv
A Day One alternative that keeps your most personal writing on your own server: Journiv is journaling purpose-built for self-hosters. The FastAPI backend runs on SQLite by default with optional PostgreSQL, Redis, and Celery for background work, behind a clean, minimal web UI. Unlike general note-taking apps, it ships the features journaling actually needs: customizable moods and mood groups, activity tracking, goals with automated progress from logged activities, and daily writing prompts filterable by category and difficulty so a blank page never stalls you. Quick Log captures a moment in seconds and expands into a full entry later; "On This Day" resurfaces entries from past weeks, months, and years. Multiple journals separate work, gratitude, and personal writing, with tags and full-text search across everything, plus media uploads with automatic thumbnails and an Immich integration for linking photo-library memories. Analytics chart mood trends and writing patterns over time. Data portability is taken seriously: native import of Day One exports, JSON/Markdown/HTML export, and a standalone HTML viewer that opens your archive in any browser with no server running. OIDC single sign-on works with Authentik or Keycloak, and multi-arch images cover amd64 and arm64.
Lenpaste
Share code snippets, logs, configs, and notes without registration, tracking, or ads: Lenpaste is a minimal, self-hosted, anonymous alternative to pastebin.com. It is deliberately spartan in the right ways: no accounts, no JavaScript required (the entire site works in text browsers and hardened setups), and cookies used solely to store display preferences. Pastes support syntax highlighting across a long list of languages (from ApacheConf and Arduino to mainstream stacks), configurable expiration from minutes to unlimited, one-use "burn after reading" pastes that self-delete on first view, optional author attribution, and iframe embedding for dropping pastes into other pages. The form-encoded HTTP API covers everything the UI does - create pastes with title, syntax, expiration, and line-ending normalization, fetch them by ID, and query server capabilities - making it trivial to pipe command output to your paste server from shell scripts. Server operators control maximum title and body lengths, maximum paste lifetime, rate limits for viewing and creation, search-engine indexing policy, and can lock private instances behind HTTP Basic authentication. It deploys as a single lightweight Docker container, giving your team a snippet-sharing endpoint where the content never touches a third-party service.